Our iOS application uses a custom protocol (NSURLProtocol) to directly manage loading certain data needed by a UIWebview. This has worked fine until iOS 9 with XCode 7.
Now, since the main site is loaded using HTTPS, the UIWebview throws an error when the custom protocol resource is referenced, because it thinks it's insecure (in fact, it's not, we load it using SSL, just not https://). The app is already built with "Allow Arbitrary Loads" because we have some other things that require that, and I would have thought this inherited the NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads, which it seems this is hitting up against, but who knows.
Is there any way to convince iOS 9 that our custom protocol can be accessed from HTTPS? Note - we don't use an iframe or anything like that in the UIWebview - these resources are requested using Ajax/XHR and the app's NSURLProtocol is invoked and takes over loading the data and returning the response.
The custom scheme is also listed in URL Types, but this doesn't seem to change any behavior (in or out, same error). Here's the specific error:
[blocked] The page at https://example.com/path/redacted was not allowed to display insecure content from mycustomprotocol://different.example.com/path/redacted.
EDIT: Downloaded Xcode 6.4, rebuilt the app and it seems to work just fine on iOS 9.x, no issues with the custom protocol. Obviously, this isn't a long-term solution. Hoping someone still has some insight on how to resolve in Xcode 7+.
